framework-mcp 2.4.5 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/safeguard-manager.d.ts.map +1 -1
- package/dist/core/safeguard-manager.js +39 -106
- package/dist/core/safeguard-manager.js.map +1 -1
- package/dist/interfaces/http/http-server.js +3 -3
- package/dist/interfaces/mcp/mcp-server.js +3 -3
- package/package.json +1 -1
- package/src/core/safeguard-manager.ts +33 -100
- package/src/interfaces/http/http-server.ts +3 -3
- package/src/interfaces/mcp/mcp-server.ts +3 -3
- package/swagger.json +2 -2
|
@@ -83,7 +83,7 @@ export class FrameworkHttpServer {
|
|
|
83
83
|
res.json({
|
|
84
84
|
status: 'healthy',
|
|
85
85
|
uptime: Math.round(process.uptime()),
|
|
86
|
-
version: '2.4.
|
|
86
|
+
version: '2.4.6',
|
|
87
87
|
timestamp: new Date().toISOString()
|
|
88
88
|
});
|
|
89
89
|
});
|
|
@@ -183,7 +183,7 @@ export class FrameworkHttpServer {
|
|
|
183
183
|
this.app.get('/api', (req, res) => {
|
|
184
184
|
res.json({
|
|
185
185
|
name: 'Framework MCP HTTP API',
|
|
186
|
-
version: '2.4.
|
|
186
|
+
version: '2.4.6',
|
|
187
187
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
188
188
|
endpoints: {
|
|
189
189
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
|
|
|
222
222
|
}
|
|
223
223
|
start() {
|
|
224
224
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
225
|
-
console.log(`🚀 Framework MCP HTTP Server v2.4.
|
|
225
|
+
console.log(`🚀 Framework MCP HTTP Server v2.4.6 running on port ${this.port}`);
|
|
226
226
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
227
227
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
228
228
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -7,7 +7,7 @@ export class FrameworkMcpServer {
|
|
|
7
7
|
constructor() {
|
|
8
8
|
this.server = new Server({
|
|
9
9
|
name: 'framework-analyzer',
|
|
10
|
-
version: '2.4.
|
|
10
|
+
version: '2.4.6',
|
|
11
11
|
});
|
|
12
12
|
this.safeguardManager = new SafeguardManager();
|
|
13
13
|
this.setupHandlers();
|
|
@@ -103,7 +103,7 @@ export class FrameworkMcpServer {
|
|
|
103
103
|
safeguards,
|
|
104
104
|
total: safeguards.length,
|
|
105
105
|
framework: 'CIS Controls v8.1',
|
|
106
|
-
version: '2.4.
|
|
106
|
+
version: '2.4.6'
|
|
107
107
|
}, null, 2),
|
|
108
108
|
},
|
|
109
109
|
],
|
|
@@ -122,7 +122,7 @@ export class FrameworkMcpServer {
|
|
|
122
122
|
async run() {
|
|
123
123
|
const transport = new StdioServerTransport();
|
|
124
124
|
await this.server.connect(transport);
|
|
125
|
-
console.error('🤖 Framework MCP Server v2.4.
|
|
125
|
+
console.error('🤖 Framework MCP Server v2.4.6 running via stdio');
|
|
126
126
|
console.error('📊 Pure Data Provider for CIS Controls v8.1');
|
|
127
127
|
}
|
|
128
128
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "framework-mcp",
|
|
3
|
-
"version": "2.4.
|
|
3
|
+
"version": "2.4.6",
|
|
4
4
|
"description": "Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and cloud deployments.",
|
|
5
5
|
"main": "dist/interfaces/http/http-server.js",
|
|
6
6
|
"type": "module",
|
|
@@ -4363,10 +4363,7 @@ export class SafeguardManager {
|
|
|
4363
4363
|
"Dormant Accounts"
|
|
4364
4364
|
],
|
|
4365
4365
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4366
|
-
"
|
|
4367
|
-
"Delete",
|
|
4368
|
-
"Period of 45 days of inactivity",
|
|
4369
|
-
"Where Supported"
|
|
4366
|
+
"Dormant Accounts"
|
|
4370
4367
|
],
|
|
4371
4368
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4372
4369
|
],
|
|
@@ -4766,30 +4763,22 @@ export class SafeguardManager {
|
|
|
4766
4763
|
title: "Establish an Access Granting Process",
|
|
4767
4764
|
description: "Establish and follow a documented process, preferably automated, for granting access to enterprise assets upon new hire or role change of a user.",
|
|
4768
4765
|
implementationGroup: "IG1",
|
|
4769
|
-
assetType: ["
|
|
4766
|
+
assetType: ["Documentation"],
|
|
4770
4767
|
securityFunction: ["Govern"],
|
|
4771
4768
|
governanceElements: [ // Orange - MUST be met
|
|
4772
4769
|
"Establish",
|
|
4773
|
-
"Follow"
|
|
4774
|
-
"Account and Access Control Management",
|
|
4775
|
-
"Account and Credential Management Policy/Process",
|
|
4776
|
-
"Documentation"
|
|
4770
|
+
"Follow"
|
|
4777
4771
|
],
|
|
4778
4772
|
coreRequirements: [ // Green - The "what"
|
|
4779
4773
|
"documented process",
|
|
4780
4774
|
"granting access to enterprise assets"
|
|
4781
4775
|
],
|
|
4782
4776
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4783
|
-
"preferably automated",
|
|
4784
4777
|
"upon new hire",
|
|
4785
4778
|
"role change of a user",
|
|
4786
|
-
"New Hire",
|
|
4787
|
-
"Role Change",
|
|
4788
4779
|
"Enterprise assets"
|
|
4789
4780
|
],
|
|
4790
4781
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4791
|
-
"Account and Access Control Management",
|
|
4792
|
-
"Account and Credential Management Policy/Process"
|
|
4793
4782
|
],
|
|
4794
4783
|
relatedSafeguards: ["5.1", "6.7", "6.8"],
|
|
4795
4784
|
systemPromptFull: {
|
|
@@ -4877,25 +4866,17 @@ export class SafeguardManager {
|
|
|
4877
4866
|
title: "Establish an Access Revoking Process",
|
|
4878
4867
|
description: "Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.",
|
|
4879
4868
|
implementationGroup: "IG1",
|
|
4880
|
-
assetType: ["
|
|
4869
|
+
assetType: ["Documentation"],
|
|
4881
4870
|
securityFunction: ["Govern"],
|
|
4882
4871
|
governanceElements: [ // Orange - MUST be met
|
|
4883
4872
|
"Establish",
|
|
4884
4873
|
"Follow",
|
|
4885
|
-
"
|
|
4886
|
-
"Account and Credential Management Policy/Process",
|
|
4887
|
-
"Documentation"
|
|
4874
|
+
"Disabling Accounts, instead of Deleting accounts, may be necessary to preserve audit trails"
|
|
4888
4875
|
],
|
|
4889
4876
|
coreRequirements: [ // Green - The "what"
|
|
4890
|
-
"
|
|
4891
|
-
"revoking access to enterprise assets",
|
|
4892
|
-
"disabling accounts immediately"
|
|
4877
|
+
"Access Revoking Process"
|
|
4893
4878
|
],
|
|
4894
4879
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
4895
|
-
"preferably automated",
|
|
4896
|
-
"upon termination",
|
|
4897
|
-
"rights revocation",
|
|
4898
|
-
"role change of a user",
|
|
4899
4880
|
"Role Change",
|
|
4900
4881
|
"Termination",
|
|
4901
4882
|
"Rights revocation",
|
|
@@ -4903,9 +4884,7 @@ export class SafeguardManager {
|
|
|
4903
4884
|
"Disabling accounts immediately"
|
|
4904
4885
|
],
|
|
4905
4886
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
4906
|
-
"
|
|
4907
|
-
"Account and Access Control Management",
|
|
4908
|
-
"Account and Credential Management Policy/Process"
|
|
4887
|
+
"Preferably Automated"
|
|
4909
4888
|
],
|
|
4910
4889
|
relatedSafeguards: ["5.1", "6.7"],
|
|
4911
4890
|
systemPromptFull: {
|
|
@@ -4997,24 +4976,18 @@ export class SafeguardManager {
|
|
|
4997
4976
|
securityFunction: ["Protect"],
|
|
4998
4977
|
governanceElements: [ // Orange - MUST be met
|
|
4999
4978
|
"Require",
|
|
5000
|
-
"
|
|
5001
|
-
"
|
|
4979
|
+
"Enforce",
|
|
4980
|
+
"Where Supported"
|
|
5002
4981
|
],
|
|
5003
4982
|
coreRequirements: [ // Green - The "what"
|
|
5004
4983
|
"all externally-exposed enterprise or third-party applications to enforce MFA",
|
|
5005
|
-
"
|
|
4984
|
+
"MFA - Multi Factor Authentication"
|
|
5006
4985
|
],
|
|
5007
4986
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5008
|
-
"
|
|
5009
|
-
"Enforce",
|
|
5010
|
-
"Where supported"
|
|
4987
|
+
"MFA for all externally exposed enterprise or third-party applications"
|
|
5011
4988
|
],
|
|
5012
4989
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5013
|
-
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
5014
|
-
"Directory service",
|
|
5015
|
-
"SSO Provider",
|
|
5016
|
-
"Account and Access Control Management",
|
|
5017
|
-
"Multi-Factor Authentication Tool"
|
|
4990
|
+
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard"
|
|
5018
4991
|
],
|
|
5019
4992
|
relatedSafeguards: ["2.1", "4.1"],
|
|
5020
4993
|
systemPromptFull: {
|
|
@@ -5105,20 +5078,15 @@ export class SafeguardManager {
|
|
|
5105
5078
|
assetType: ["Users"],
|
|
5106
5079
|
securityFunction: ["Protect"],
|
|
5107
5080
|
governanceElements: [ // Orange - MUST be met
|
|
5108
|
-
"Require"
|
|
5109
|
-
"Account and Access Control Management",
|
|
5110
|
-
"Multi-Factor Authentication Tool"
|
|
5081
|
+
"Require"
|
|
5111
5082
|
],
|
|
5112
5083
|
coreRequirements: [ // Green - The "what"
|
|
5113
|
-
"MFA"
|
|
5114
|
-
"remote network access"
|
|
5084
|
+
"MFA for remote network access"
|
|
5115
5085
|
],
|
|
5116
5086
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5117
|
-
"Remote Network Access"
|
|
5087
|
+
"MFA for Remote Network Access"
|
|
5118
5088
|
],
|
|
5119
5089
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5120
|
-
"Account and Access Control Management",
|
|
5121
|
-
"Multi-Factor Authentication Tool"
|
|
5122
5090
|
],
|
|
5123
5091
|
relatedSafeguards: ["4.2", "12.7"],
|
|
5124
5092
|
systemPromptFull: {
|
|
@@ -5210,25 +5178,17 @@ export class SafeguardManager {
|
|
|
5210
5178
|
securityFunction: ["Protect"],
|
|
5211
5179
|
governanceElements: [ // Orange - MUST be met
|
|
5212
5180
|
"Require",
|
|
5213
|
-
"
|
|
5214
|
-
"Multi-Factor Authentication Tool"
|
|
5181
|
+
"Where Supported"
|
|
5215
5182
|
],
|
|
5216
5183
|
coreRequirements: [ // Green - The "what"
|
|
5217
|
-
"MFA"
|
|
5218
|
-
"all administrative access accounts",
|
|
5219
|
-
"all enterprise assets"
|
|
5184
|
+
"MFA on all administrative access accounts"
|
|
5220
5185
|
],
|
|
5221
5186
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5222
|
-
"where supported",
|
|
5223
5187
|
"All Admin Access Accounts",
|
|
5224
5188
|
"All enterprise assets",
|
|
5225
|
-
"Onsite Management"
|
|
5226
|
-
"Service Provider",
|
|
5227
|
-
"Or"
|
|
5189
|
+
"Onsite Management accounts or Service Provider Admin Accounts"
|
|
5228
5190
|
],
|
|
5229
5191
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5230
|
-
"Account and Access Control Management",
|
|
5231
|
-
"Multi-Factor Authentication Tool"
|
|
5232
5192
|
],
|
|
5233
5193
|
relatedSafeguards: ["4.1"],
|
|
5234
5194
|
systemPromptFull: {
|
|
@@ -5316,30 +5276,22 @@ export class SafeguardManager {
|
|
|
5316
5276
|
title: "Establish and Maintain an Inventory of Authentication and Authorization Systems",
|
|
5317
5277
|
description: "Establish and maintain an inventory of the enterprise's authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently.",
|
|
5318
5278
|
implementationGroup: "IG2",
|
|
5319
|
-
assetType: ["
|
|
5279
|
+
assetType: ["Software"],
|
|
5320
5280
|
securityFunction: ["Identify"],
|
|
5321
5281
|
governanceElements: [ // Orange - MUST be met
|
|
5322
5282
|
"Establish",
|
|
5323
5283
|
"maintain",
|
|
5324
|
-
"Review and update",
|
|
5325
|
-
"
|
|
5326
|
-
"Account and Credential Management Policy/Process"
|
|
5284
|
+
"Review and update inventory",
|
|
5285
|
+
"At a minimum, monthly or more frequenlty"
|
|
5327
5286
|
],
|
|
5328
5287
|
coreRequirements: [ // Green - The "what"
|
|
5329
5288
|
"inventory of the enterprise's authentication and authorization systems"
|
|
5330
5289
|
],
|
|
5331
5290
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5332
|
-
"
|
|
5333
|
-
"at a
|
|
5334
|
-
"Hosted on-site",
|
|
5335
|
-
"Remote Service Provider",
|
|
5336
|
-
"Or",
|
|
5337
|
-
"At a minimum Annually",
|
|
5338
|
-
"More frequently"
|
|
5291
|
+
"hosted on-site",
|
|
5292
|
+
"hosted at a remote service provider"
|
|
5339
5293
|
],
|
|
5340
5294
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5341
|
-
"Account and Access Control Management",
|
|
5342
|
-
"Account and Credential Management Policy/Process"
|
|
5343
5295
|
],
|
|
5344
5296
|
relatedSafeguards: ["1.1", "2.1", "3.3", "5.6", "6.7"],
|
|
5345
5297
|
systemPromptFull: {
|
|
@@ -5431,27 +5383,17 @@ export class SafeguardManager {
|
|
|
5431
5383
|
securityFunction: ["Protect"],
|
|
5432
5384
|
governanceElements: [ // Orange - MUST be met
|
|
5433
5385
|
"Centralize",
|
|
5434
|
-
"
|
|
5435
|
-
"Account and Credential Management Policy/Process",
|
|
5436
|
-
"Identity and Access Management Tool"
|
|
5386
|
+
"Where Supported"
|
|
5437
5387
|
],
|
|
5438
5388
|
coreRequirements: [ // Green - The "what"
|
|
5439
|
-
"access control"
|
|
5440
|
-
"all enterprise assets"
|
|
5389
|
+
"access control"
|
|
5441
5390
|
],
|
|
5442
5391
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5443
5392
|
"through a directory service or SSO provider",
|
|
5444
|
-
"
|
|
5445
|
-
"
|
|
5446
|
-
"SSO Provider",
|
|
5447
|
-
"Or",
|
|
5448
|
-
"All enterprise assets",
|
|
5449
|
-
"Where Supported"
|
|
5393
|
+
"Directory Service or SSO Provider",
|
|
5394
|
+
"All enterprise assets"
|
|
5450
5395
|
],
|
|
5451
5396
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5452
|
-
"Account and Access Control Management",
|
|
5453
|
-
"Account and Credential Management Policy/Process",
|
|
5454
|
-
"Identity and Access Management Tool"
|
|
5455
5397
|
],
|
|
5456
5398
|
relatedSafeguards: ["4.1", "5.1", "5.6", "6.1", "6.2", "6.6", "12.5", "12.7"],
|
|
5457
5399
|
systemPromptFull: {
|
|
@@ -5544,30 +5486,21 @@ export class SafeguardManager {
|
|
|
5544
5486
|
governanceElements: [ // Orange - MUST be met
|
|
5545
5487
|
"Define",
|
|
5546
5488
|
"maintain",
|
|
5547
|
-
"
|
|
5548
|
-
"
|
|
5549
|
-
"
|
|
5550
|
-
"Identity and Access management Tool"
|
|
5489
|
+
"Necessary",
|
|
5490
|
+
"Perform access control reviews of enterprise assets to validate that all privileges are authorized, on a recurring schedule",
|
|
5491
|
+
"At a mimimum Annually, or more Frequently"
|
|
5551
5492
|
],
|
|
5552
5493
|
coreRequirements: [ // Green - The "what"
|
|
5553
|
-
"role-based access control"
|
|
5554
|
-
"determining and documenting the access rights necessary for each role within the enterprise to successfully carry out its assigned duties"
|
|
5494
|
+
"role-based access control"
|
|
5555
5495
|
],
|
|
5556
5496
|
subTaxonomicalElements: [ // Yellow - Sub-taxonomical elements
|
|
5557
5497
|
"Access rights",
|
|
5558
5498
|
"Each Role",
|
|
5559
|
-
"
|
|
5560
|
-
"Successfully carry out its assigned duties",
|
|
5499
|
+
"Neccesary to Successfully carry out its assigned duties",
|
|
5561
5500
|
"Determining",
|
|
5562
|
-
"Documenting"
|
|
5563
|
-
"At a minimum Annually",
|
|
5564
|
-
"More frequently",
|
|
5565
|
-
"Or"
|
|
5501
|
+
"Documenting"
|
|
5566
5502
|
],
|
|
5567
5503
|
implementationSuggestions: [ // Gray - Implementation suggestions
|
|
5568
|
-
"Account and Access Control Management",
|
|
5569
|
-
"Account and Credential Management Policy/Process",
|
|
5570
|
-
"Identity and Access management Tool"
|
|
5571
5504
|
],
|
|
5572
5505
|
relatedSafeguards: ["3.3", "4.1", "6.1"],
|
|
5573
5506
|
systemPromptFull: {
|
|
@@ -106,7 +106,7 @@ export class FrameworkHttpServer {
|
|
|
106
106
|
res.json({
|
|
107
107
|
status: 'healthy',
|
|
108
108
|
uptime: Math.round(process.uptime()),
|
|
109
|
-
version: '2.4.
|
|
109
|
+
version: '2.4.6',
|
|
110
110
|
timestamp: new Date().toISOString()
|
|
111
111
|
});
|
|
112
112
|
});
|
|
@@ -222,7 +222,7 @@ export class FrameworkHttpServer {
|
|
|
222
222
|
this.app.get('/api', (req, res) => {
|
|
223
223
|
res.json({
|
|
224
224
|
name: 'Framework MCP HTTP API',
|
|
225
|
-
version: '2.4.
|
|
225
|
+
version: '2.4.6',
|
|
226
226
|
description: 'Pure Data Provider serving authentic CIS Controls Framework data',
|
|
227
227
|
endpoints: {
|
|
228
228
|
'GET /api/safeguards': 'List all available CIS safeguards',
|
|
@@ -273,7 +273,7 @@ export class FrameworkHttpServer {
|
|
|
273
273
|
|
|
274
274
|
public start(): void {
|
|
275
275
|
this.app.listen(this.port, '0.0.0.0', () => {
|
|
276
|
-
console.log(`🚀 Framework MCP HTTP Server v2.4.
|
|
276
|
+
console.log(`🚀 Framework MCP HTTP Server v2.4.6 running on port ${this.port}`);
|
|
277
277
|
console.log(`📊 Health check: http://localhost:${this.port}/health`);
|
|
278
278
|
console.log(`📖 API docs: http://localhost:${this.port}/api`);
|
|
279
279
|
console.log(`🔧 Environment: ${process.env.NODE_ENV || 'development'}`);
|
|
@@ -18,7 +18,7 @@ export class FrameworkMcpServer {
|
|
|
18
18
|
this.server = new Server(
|
|
19
19
|
{
|
|
20
20
|
name: 'framework-analyzer',
|
|
21
|
-
version: '2.4.
|
|
21
|
+
version: '2.4.6',
|
|
22
22
|
}
|
|
23
23
|
);
|
|
24
24
|
|
|
@@ -129,7 +129,7 @@ export class FrameworkMcpServer {
|
|
|
129
129
|
safeguards,
|
|
130
130
|
total: safeguards.length,
|
|
131
131
|
framework: 'CIS Controls v8.1',
|
|
132
|
-
version: '2.4.
|
|
132
|
+
version: '2.4.6'
|
|
133
133
|
}, null, 2),
|
|
134
134
|
},
|
|
135
135
|
],
|
|
@@ -153,7 +153,7 @@ export class FrameworkMcpServer {
|
|
|
153
153
|
const transport = new StdioServerTransport();
|
|
154
154
|
await this.server.connect(transport);
|
|
155
155
|
|
|
156
|
-
console.error('🤖 Framework MCP Server v2.4.
|
|
156
|
+
console.error('🤖 Framework MCP Server v2.4.6 running via stdio');
|
|
157
157
|
console.error('📊 Pure Data Provider for CIS Controls v8.1');
|
|
158
158
|
}
|
|
159
159
|
}
|
package/swagger.json
CHANGED
|
@@ -299,7 +299,7 @@
|
|
|
299
299
|
},
|
|
300
300
|
"version": {
|
|
301
301
|
"type": "string",
|
|
302
|
-
"example": "2.4.
|
|
302
|
+
"example": "2.4.6"
|
|
303
303
|
},
|
|
304
304
|
"timestamp": {
|
|
305
305
|
"type": "string",
|
|
@@ -344,7 +344,7 @@
|
|
|
344
344
|
},
|
|
345
345
|
"version": {
|
|
346
346
|
"type": "string",
|
|
347
|
-
"example": "2.4.
|
|
347
|
+
"example": "2.4.6"
|
|
348
348
|
},
|
|
349
349
|
"description": {
|
|
350
350
|
"type": "string",
|